Howdy, folks! I’m Nick – I help run tech here at thurrott.com. I initially posted this message as a response to lwetzel‘s thread here, but I wanted to make this it’s own thread for visibility and to provide a space for dialogue. We’ve had some feedback recently regarding folks being required to log in more frequently, and while I’m not half the writer Paul is, I hope I can add some clarity to the intended function of our login system here.
When logging in to thurrott.com, if you do not click the ‘remember me” button underneath the form, your session (referring to the “connection” established between you, a unique user, and our server – as represented by a cookie stored on your browser) persists only until the end of your browsing session. That is, until you close your browser.
If you do click the “remember me” button below the form when logging in, your session will persist for 14 days.
There are, however, a few scenarios that could lead to session persistence less than 14 days – which I’ve outlined below.
If cookies are disabled in your browser you will be unable to maintain a session, as the string of text we use to identify and authenticate you can not be stored. This is an unlikely scenario, and will be extremely apparent across every site you visit.
If browsing in “incognito” or “private mode”, any cookies set during the session will be cleared at the conclusion of the session – regardless of use of the “remember me” button. Additionally, any session data set in “normal” browsing will not carry over to incognito or private browsing. These browser functions are more accurately described as “amnesia mode”, and if anyone from Google is listening please change the name and send a check.
It should be noted that as part of our mechanism to defend against session hijacking (an attack by which a nefarious actor either guesses, or more likely, intercepts the session cookie in transit and sends it back to us, thereby masquerading as you), your unique ip address is a component of the algorithm that generates a string of text (referred to as the “session token”) that’s stored in the session cookie. As a result of this, if your ip address changes, your session will no longer persist. Even if you sync browser data across devices, for example, between Chrome on your desktop and on your mobile phone, they must remain on the same network for your session to persist as accessing the site via an LTE connection will change your ip address.
For the curious and nerdy among us, you can explore these session cookies and their expiry data in chrome by navigating to chrome://settings/cookies/detail?site=www.thurrott.com.
As always, thank you for being a part of a community we love so much and sharing your experiences, both good and bad, with us.
Please feel free to reach out to me directly with any questions or concerns: [email protected]
dftf
<p>You weren’t the only one… ;)</p>
dftf
<p>No-offense Nick but the type of audience Paul gets here will be at-least "intermediate" when it comes to tech, and I’d argue would already realise that if they browse in a "private" browser-window, all cookies will be lost upon closing it. And likewise them not ticking/checking a "Remember me" box will mean that they won’t be!</p><p><br></p><p>Also, for the later part of your explanation, you only offer instructions based on the <em>Google Chrome </em>browser. Again, with respect, you might need to "know the audience" for this site. I would bet the majority are <em>not</em> viewing it via that browser, but via <em>Edge, Brave, Firefox, Opera </em>or <em>Safari </em>or some <em>Chromium </em>or <em>Firefox </em>offshoot.</p><p><br></p><p>And in-terms-of some issues I feel need looking into more-promptly than the remembering-credentials issue:</p><p><br></p><p>(1) Can we decide if non-paying members should get to see comments on Premium articles or not? Currently they can leave a comment on such articles, but then never see any replies to it, which feels rather silly.</p><p><br></p><p>(2) Can the formatting of threaded/nested comments be done better? When you view this site on a smartphone, and come-across comments with many replies, the later replies start to fit into narrower-and-narrower columns, before later ones eventually becoming non-visible as they go off-screen.</p><p><br></p><p>(3) A dark-theme would be appreciated, especially when on mobile!</p><p><br></p><p>(4) The error-messages on this site need revising. So many times I’ve tried to create a Forum post, only for it to go to a "Whoops, we can’t find that page" when I tap "Submit". But then a few days after, the post sometimes appears, even-through it errored. Likewise, sometimes you can add comments on this site, other times you get a vague error, or it just forces you to do endless Captcha codes.</p><p><br></p><p>(5) Can the advertising be more-relevant to the audience? I’ve no idea why this site thinks I would be interested in tips on using fresh-herbs effectively when cooking, for example!</p>
dftf
<p>Another few things:</p><p><br></p><p>(6) It would be great if this site told you when someone has replied to one of your comments. The only thing you can do now is to bookmark pages you’ve commented on, and manually revisit them to check for updates. (If this <em>is </em>something Premium members do get, then the "Premium Membership Features & Benefits" lists don’t make that clear.)</p><p><br></p><p>(7) Could Premium forum-posts not appear for non-paying members? I don’t see the point in clicking on them, only to go to the "Join Thurrott Premium" landing-page. It makes the site feel broken. At-least redirect to a more-specific landing-page.</p><p><br></p><p>(8) The order of forum-posts doesn’t make sense. It appears they are listed by "Date started", whereas I’d argue "Last reply" makes more-sense. (I think it used to order in the latter-style, but this was changed after many archaic posts kept getting resurrected by random spam-comments. But the solution there is to simply have a cut-off on forum posts: so say after 30 days of a forum-post receiving no new comments, it should auto-lock and allow no-further new comments or replies. Most other forums work in this way.)</p>